The first 48: All your data are belong to us
Chad Gough & Molody Haase & Jared Sikorski

Bloomcon 2017

Your client calls in the middle of the night in a full-fledged panic. They have been hacked. You rush over and arrive on the scene to find something that sends chills down your spine: ransomware. Your client desperately wants their data back, and you are their only hope. What do you do?
This presentation will guide you through the first 48 hours of a ransomware case.
Using case studies, presenters will show you how to assess the scene, triage and quarantine infected devices, identify likely suspects, eradicate the malware threat, bring data home to its rightful owner, and restore order. Attendees will learn the pros and cons of paying for hostage data, making Bitcoin ransom payments, and tracing Bitcoin transactions on the blockchain. By the end of this presentation, attendees will never let their case go cold.